Uber Chief Security Office Joe Sullivan and the lawyer reporting to him were fired after paying hackers $100,000 to cover up a massive data breach from October 2016, the company’s CEO confirmed on Tuesday, Bloomberg writes. The ride-service provider was hacked after two cyber criminals acquired the login credentials of the Amazon Web Services account that stored Uber’s data.
The data breach affected Uber clients and drivers from around the world, but the victims and regulators were never informed. Hackers stole names and drivers’ license numbers of some 600,000 drivers in the US, and personal information of 57 million account holders, such as names, email addresses and mobile phone numbers. They did not get into the corporate systems or infrastructure, nor did they steal information related to trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth, confirmed Uber CEO Dara Khosrowshahi.
“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Former Uber CEO Travis Kalanick was informed of the breach in November 2016, during a separate federal investigation by the Federal Trade Commission for privacy violations.
Uber ensures the stolen information has been destroyed. At the moment of writing, no evidence of fraud or misuse has been detected. Affected accounts are monitored and will receive extra fraud protection.